Although computer users working remotely from home often use cloud services, this is not always done with the approval of their company. Using suitable security tools, companies can maintain an overview of cloud use and exclude risky or undesirable tools.
Zoom and similar services have shown that cloud applications are popular, but frequently beyond control. Zoom’s security problems repeatedly made the headlines, but a lot of other popular cloud-based services are little better. This needs to be seen against the background of the huge increase in cloud services caused by the Covid-19 pandemic, because companies were rarely able to provide suitable company applications to employees who were suddenly exiled to work from home. At the same time, data exchange and communication with outsiders like business partners, contractors or field sales personnel are on the increase. They too should be able to access a company’s cloud services. In this context, IT security often falls by the wayside. The situation is exacerbated by trends like hybrid cloud or multi-cloud, i.e., the combination of several cloud providers and services, which makes it more difficult to implement security strategies.
Control calls for oversight
IT security departments try to regain control using various technologies. Often, the first thing to do is gain an overview of the cloud services being used. Experts consider a Cloud Access Security Broker (CASB) to be fundamental to this task. Considered logically, a CASB functions as an intermediary between cloud users and cloud services. Its job is to control data flows and implement security guidelines. In addition, brokers can visualize the cloud use of a company, even over several cloud platforms. Undesirable cloud services are generally identified automatically and are easy to block. This means that a CASB also offers a suitable solution for obtaining an overview of the shadow IT in a company and for regulating its proliferation. To learn about shadow IT, see our article.
A CASB can control access based on devices or users. For example, it is possible to prescribe multi-factor authentication for specific services or to enforce a certain encryption process for data transfer between cloud and company.
Generally, the CASB is operated as a central gateway, but other solutions are available that can be integrated into applications or communicate with them, for example as an API (application programming interface). As a gateway, a CASB directly controls the data flow and can take immediate defensive measures in the event of security issues or attacks. However, to this end the CASB appliance needs to be powerful enough to analyse all relevant data transfers in real time. The API version, on the other hand, can obtain information directly from the cloud application. Alternatively, software-as-a-service (SaaS) options, or even as cloud services, are also available.
Wide range of products
Numerous vendors meanwhile have suitable products in their portfolios. The technology is regarded as mature. However, an important selection criterion is integration into existing security tools like an SIEM (Security Information and Event Management) tool. Securing your own cloud instances, for example virtual machines on Amazon AWS or Microsoft Azure, is usually done using other or additional technologies. Meanwhile, cloud providers are often offering their own security tools. There are also complementary security technologies available like Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platforms (CWPPs).